When do you know it is time to upgrade to a new firewall? From the Cisco Podcast #7 "Monitoring Firewall Performance", the speakers said when the CPU usage consistently is at 50% or higher, that is the time to upgrade. They gave their reasons which made sense. And I can check the CPU usage with a show cpu usage command.
Are there any other signs besides CPU usage that it is time to upgrade the firewall?
If you are not running any additional features (like threat detection, inspections, various proxies) and are reaching 50% you might consider an upgrade indeed, especially if you're seeing spiky load.
However, before making a decision like this, I would run this by TAC. Don't get me wrong, TAC does not perform capacity planning, but will at least tell you about features that consume CPU, which you might not be using/needing.
1) Yes. If your device is reaching 50% CPU usage, then you may need to upgrade for consistent performance.
But the CPU usage increase may be due to other issues as well. If everything is normal and CPU usage is crossing 50%, then you may need to upgrade. This is only one of the reasons; there are a lot of others.
2) Depending on your future expansion/requirements, you may need to upgrade the model.